Discussion Topics

• Cybersecurity Challenges
• Policy Work
• Security Awareness & Training
• Execution of Policies
• Next Steps
Cybersecurity Challenges

A complex, moving target


Cyber threats are an increasing risk for MassDOT as professional hackers execute ever more 
sophisticated attacks against government agencies and private sector companies. 


Commonwealth and MassDOT priority 


The Commonwealth and MassDOT have identified cybersecurity as a top priority. Cybersecurity 
is critical to MassDOT’s ongoing ability to successfully perform its mission. 


Cybersecurity begins with us 


Cybersecurity is not simply an IT issue; it is an enterprise-wide responsibility. To successfully 
prevent, identify, and address cybersecurity threats, everyone’s involvement is imperative. 
Policy Work 


How do we ensure employees have the appropriate accesses to the correct information? 

Are mechanisms in place to track activities performed on our systems? 

How do we measure the effectiveness 

How can we ensure our facilities are protected 

How do we mitigate risks associated with employee and contractor access to sensitive 

Policies and internal controls have been 100% signed off as draft by MassDOT senior 
leadership for implementation 

budget to ensure the highest possible level of protection? 


The first policy to be implemented is Security Awareness & Training. 
Security Awareness & Training 


The Security Awareness & Training program is being delivered in three phases. Phase 1, the 
current project, defines the program and establishes the approach for subsequent work. 


Timeline labels: Current Project, March - May; Summer - Fall 2017 

PHASE 1: Define Program 

• Leadership training and awareness campaign 
• Comprehensive training plan 
• Multi-channel communications strategy 
• Training content requirements 
Execution of Policies 


Based on a survey distributed to MassDOT information system users, respondents see 
cybersecurity as important and are receptive to training and additional knowledge. 


Of the comments provided, 41% related to the 
need to change current practices; passwords 
were the most frequently cited pain point. 
[Figure: survey responses on how respondents view cybersecurity. Category labels: "Cybersecurity is important and necessary", "Cybersecurity is inconvenient but necessary", "Uncertain", "Cybersecurity is unimportant and unnecessary". Values shown: 5.6%, 3.1%, 40.5%.] 

*Surface area of graphics are scaled to match percentage proportions 

4/10/2017 


There are several components that are essential to the success of the Security Awareness & Training 
program. 


Leadership support 


Will be essential for communicating the value of the program 
and gaining buy-in 


Receptive adoption 


Change management is crucial to successfully implementing the 
training and adopting cybersecurity best practices 


Enterprise-wide involvement 


Cybersecurity needs to be the responsibility of every division, 
not only IT 


Ongoing input 
With your continued input, the implementation will have the best 
chance at succeeding short-term and being sustainable long- 